Harper Company Logo


      My clients and students often wonder about the "hot setup" for their manufacturing floor, office, or home. These articles match some of the handouts or fliers I give out.
Return to Article Index

Internet Explorer May Have Flaw

SEATTLE -- The Associated Press reported on Monday, August 12, that the popular Internet Explorer® software has a loophole that lets attackers mimic legitimate Web sites, giving them access to your name, passwords, credit card numbers, and other personal information.
      Microsoft® immediately replied that it is too soon to determine how severe the problem is or even if the flaw exists.
      An issue this serious, according to programmers and consultants, threatens the security of online banking, Web-based commerce, and any other "secure" transactions. Secure transactions typically take place on web sites reached through the "HTTPS' protocol.
      Although the problem is quite serious Symantec's security response team said that its complexity makes widespread attacks unlikely.
      The current versions of Internet Explorer®, Versions 5.0, 5.5 and 6.0, slip up while handling digital certificates such as those from VeriSign. These certificates work in the background of every secure browser information. They include code for encrypting your information and verify the sites as legitimate.
      Attackers taking advantage of the loophole could trick computer users into thinking they are visiting legitimate Web sites, and could convince them to divulge personal information. A Web site operator with a valid certificate could convince IE® 5, 5.5 or 6 it is any other Web site operator and intercept their information or send the intercepted user to faked sites to gather personal information.
      Other Web browsers, such as Netscape® and Mozilla® are not vulnerable.
      This newest flaw comes during Microsoft®'s difficulties with its security in its Passport system and during its launch of the Trustworthy Computing initiative. Microsoft® has issued 41 security bulletins with patches for IE in the first eight moths of this year alone.
      So far there have been no reports of real cases yet in which an attacker has successfully spoofed a Web site or gained information.
      We recommend against using any Microsoft® product that assists virii run on your computer or hands over personal information without your knowledge.

harper Company

802.868.3351 E-MAIL US INFO

Copyright © R. B. Harper, 2002. All Rights Reserved.
See our Copyright and Trademark information page for more information

you are here: www.northpuffin.com/support/articles/ie-flaw.htm